RM: Fix persistent object handling issues after RM restarted

If some persistent objects were created before RM was launched or
during the last launch period, RM can't reload those handles into
the handle entries due to the missing hierarchy information.

This will make tpm2 create/load cmd fail when the parent handle
is an old persistent handle since it can't be found in the handle
map. This will also make tpm2 evict control return 0xa000a, since
after the TPM returns the response, the handle will not be able to be
found in the handle map.

For the evict control case, simply omitting the entry-missing failure
for a persistent object is OK.

For the create/load case, if the parent is an old persistent object, skip
the entry matching and set the current hierarchy to TPM_RH_NULL as
a workaround.

The worst case will be that several handle map entries w/ NULL
hierarchy will not be able to be cleared by hierarchy change cmds,
but they will be released when the owner connection finishes.

Not perfect, but it is already the most optimized solution.

Signed-off-by: Gang Wei <gang.wei@intel.com>
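
The fallback described in the commit message above, as an added example that is not the commit's or the project's code: a toy handle map showing the create/load workaround, the evict control tolerance, and why NULL-hierarchy entries outlive a hierarchy change. The `rm_*` names, the map layout and the sample handles are hypothetical; `TPM_RH_OWNER`, `TPM_RH_NULL` and the `0x81` persistent handle type are TPM 2.0 constants.

```c
#include <stdint.h>
#include <stdio.h>
#define TPM_RH_OWNER      0x40000001u
#define TPM_RH_NULL       0x40000007u
#define TPM_HT_PERSISTENT 0x81u        /* top byte of a persistent handle */
#define RM_RC_OK          0u
#define RM_RC_NO_ENTRY    0x000a000au  /* value quoted in the commit message; name is hypothetical */
#define RM_SLOTS          8

static struct rm_entry { uint32_t handle, hierarchy; int conn; } rm_map[RM_SLOTS];  /* conn 0 = free slot */
static int is_persistent(uint32_t h) { return (h >> 24) == TPM_HT_PERSISTENT; }
static struct rm_entry *rm_find(uint32_t h) {
    for (int i = 0; i < RM_SLOTS; i++)
        if (rm_map[i].conn && rm_map[i].handle == h) return &rm_map[i];
    return NULL;
}
static int rm_add(uint32_t h, uint32_t hierarchy, int conn) {
    for (int i = 0; i < RM_SLOTS; i++)
        if (!rm_map[i].conn) { rm_map[i] = (struct rm_entry){ h, hierarchy, conn }; return 0; }
    return -1;
}
/* Create/Load: the child inherits the hierarchy recorded for its parent. */
static uint32_t rm_child_hierarchy(uint32_t parent, uint32_t *out) {
    struct rm_entry *e = rm_find(parent);
    if (e) { *out = e->hierarchy; return RM_RC_OK; }
    if (!is_persistent(parent)) return RM_RC_NO_ENTRY;  /* untracked transient parent: still an error */
    *out = TPM_RH_NULL;                                  /* untracked persistent parent: hierarchy unknown */
    return RM_RC_OK;
}
/* EvictControl, after the TPM has answered: a missing entry is tolerated only for persistent handles. */
static uint32_t rm_after_evict(uint32_t h) {
    struct rm_entry *e = rm_find(h);
    if (e) { e->conn = 0; return RM_RC_OK; }
    return is_persistent(h) ? RM_RC_OK : RM_RC_NO_ENTRY;
}
/* Drop entries on a hierarchy change (pass conn 0) or a connection close (pass hierarchy 0). */
static int rm_drop(uint32_t hierarchy, int conn) {
    int n = 0;
    for (struct rm_entry *e = rm_map; e < rm_map + RM_SLOTS; e++)
        if (e->conn && (e->hierarchy == hierarchy || e->conn == conn)) { e->conn = 0; n++; }
    return n;
}
int main(void) {
    uint32_t hier = 0;
    rm_child_hierarchy(0x81000005u, &hier);  /* constructed handle of a pre-existing persistent parent */
    rm_add(0x80000002u, hier, 1);            /* constructed child, owned by connection 1 */
    printf("hierarchy 0x%08x flushed %d\n", (unsigned)hier, rm_drop(TPM_RH_OWNER, 0));
    return 0;
}
```
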
1 file changed
tree: d16583d76b7d77b3d354103edf29c5cad38739af
  1. common/
  2. contrib/
  3. doc/
  4. include/
  5. lib/
  6. resourcemgr/
  7. sysapi/
  8. tcti/
  9. test/
  10. .gitattributes
  11. .gitignore
  12. bootstrap
  13. ChangeLog
  14. configure.ac
  15. INSTALL
  16. LICENSE
  17. Makefile.am
  18. README.md
README.md

TPM (Trusted Platform Module) 2.0 Software Stack (TSS):

This stack consists of the following layers from top to bottom:

  • Feature API (FAPI), see specification 0.12, (published but still in progress and unimplemented)
  • Enhanced System API (ESAPI), (specification in progress and unimplemented)
  • System API (SAPI), see 1.0 specification, (public, 0.97 implementation complete). This layer implements the system layer API level of the TSS 2.0 specification. These functions can be used to access all TPM 2.0 functions as described in Part 3 of the TPM 2.0 specification. The usefulness of this code extends to all users of the TPM, even those not planning to use the upper layers of the TSS.
  • TPM Command Transmission Interface (TCTI), used by SAPI to communicate with next lower layer (either the TAB/RM or TPM 2.0 device driver), see SAPI specification
  • Trusted Access Broker/Resource Manager (TAB/RM), see 0.91 specification, (public, implementation complete). This layer sits between the system API library code and the TPM. It is a daemon that handles all multi-process coordination and manages the TPM's internal resources transparently to applications.

Since the FAPI and ESAPI haven't been implemented yet, this repository only contains the SAPI and layers below it, plus a test application for exercising the SAPI.

The test application, tpmclient, tests many of the commands against the TPM 2.0 simulator. The tpmclient application can be altered and used as a sandbox to test and develop any TPM 2.0 command sequences, and provides an excellent development and learning vehicle.

Build and Installation Instructions:

Run Instructions

Architecture/Block Diagram

Code Layout

Resources

TPM 2.0 specifications can be found at Trusted Computing Group.